Mandates can't alter facts

Support for these bills is nonpartisan but hardly nonpolitical. There is, in the words of one congressional staffer, “a big push” to get this done. But whereas many arguments on both sides of this debate are ideological, there are some simple technological issues that will weigh more heavily on the ultimate outcome.

Focusing on the single provision in this bicameral legislative package which mandates that Internet Services Providers filter the results their customers receive from the Domain Name System, it is possible to observe simply that: it will do no good and it will do much harm.

No Internet user is required to use the Domain Name servers provided by their ISP. And if millions of American citizens who for whatever reason want to engage in online piracy can no longer do so because Congress has passed this law and their ISP is now filtering the citizen’s DNS lookups, well, those citizens will have dozens if not thousands of off-shore Domain Name servers they can switch to with the click of a mouse.

The cost of providing such off-shore services is minimal, and for off-shore pirates, the bounty is great. Sadly, many American citizens will trade both their privacy and their safety to retain their online freedoms, and their resulting losses will be felt by the rest of the American economy.

It’s not a given that every American who engages in piracy or infringement does so knowingly. Indeed many pirate web sites have a legitimate appearance and it’s easy to imagine a buyer of online goods or media purchasing fraudulent or stolen goods completely unaware.

If the DNS provisions of the pending legislation pass unchanged, we can expect the sellers of these fraudulent or stolen goods to respond to the loss of their 100 or so most valuable and recognized web site domain names with a flotilla of tens of thousands of new names. There is no way the Justice Department, or the American ISP industry, would be able to keep pace and block every new infringing domain name.

The Great Firewall of China is built to a massive scale and could easily cope with this sort of problem. Since we in America would never monitor and restrict Internet traffic at that scale, the best Congress could hope for would be a symbolic gesture that merely indicates our country’s displeasure with online piracy and infringement – without stopping such activities or even slowing them down by much.

Yet the cost of that symbolic gesture would be borne directly by every American ISP and indirectly by every one of their customers, which is to say, by nearly every American citizen.

Worse still, the DNS provisions of this pending legislation are fundamentally incompatible with security features now being added to the Domain Name System after a decade and a half of preparation. Whereas the Internet technical community has been working for fifteen years to make it possible for a web browser to know when it is being lied to by DNS, Congress now proposes that such lies become the law of the land.

The American economy has long been a target of international organized crime, and we’re now on the cusp of a new era of online security where smart applications can protect law-abiding users and our transactions by building on the foundation of Secure DNS. None of which will be possible if some lies are a matter of law whereas others are a criminal attack or a network outage – because Secure DNS cannot tell the difference between one lie and another.

Some have said that the Internet is not a law-free zone, and that’s true. The Internet is just an expression of the people who build and use it, all of whom live in some land that has laws. Enforcing those laws is important lest they become meaningless, and no one can seriously argue that online piracy and infringement are somehow victimless.

America does need protection for our artists and investors who create works of value. But America also deserves well-reasoned laws that do more good than harm. The DNS provisions must be stricken from the PIPA and SOPA bills now before Congress.

The writers are co-authors of Security and Other Technical Concerns Raised by the DNS Filtering Requirements in the PROTECT IP Bill, a technical white paper submitted to Congress in May 2011.

This post was updated to reflect the correct Senate bill number for the Protect IP Act of 2011.